@Override public KeyVersion call(KMSClientProvider provider) throws IOException { return provider.createKey(name, material, options); } }, nextIdx(), false);
private KMSClientProvider[] createProviders(Configuration conf, URL origUrl, int port, String hostsPart) throws IOException { String[] hosts = hostsPart.split(";"); KMSClientProvider[] providers = new KMSClientProvider[hosts.length]; for (int i = 0; i < hosts.length; i++) { try { providers[i] = new KMSClientProvider( new URI("kms", origUrl.getProtocol(), hosts[i], port, origUrl.getPath(), null, null), conf); } catch (URISyntaxException e) { throw new IOException("Could not instantiate KMSProvider.", e); } } return providers; } }
@Override @SuppressWarnings("unchecked") public List<String> getKeys() throws IOException { URL url = createURL(KMSRESTConstants.KEYS_NAMES_RESOURCE, null, null, null); HttpURLConnection conn = createConnection(url, HTTP_GET); List response = call(conn, null, HttpURLConnection.HTTP_OK, List.class); return (List<String>) response; }
@Override public void deleteKey(String name) throws IOException { checkNotEmpty(name, "name"); URL url = createURL(KMSRESTConstants.KEY_RESOURCE, name, null, null); HttpURLConnection conn = createConnection(url, HTTP_DELETE); call(conn, null, HttpURLConnection.HTTP_OK, null); }
@Override @SuppressWarnings("unchecked") public Metadata[] getKeysMetadata(String ... keyNames) throws IOException { List<Metadata> keysMetadata = new ArrayList<Metadata>(); List<String[]> keySets = createKeySets(keyNames); for (String[] keySet : keySets) { if (keyNames.length > 0) { Map<String, Object> queryStr = new HashMap<String, Object>(); queryStr.put(KMSRESTConstants.KEY, keySet); URL url = createURL(KMSRESTConstants.KEYS_METADATA_RESOURCE, null, null, queryStr); HttpURLConnection conn = createConnection(url, HTTP_GET); List<Map> list = call(conn, null, HttpURLConnection.HTTP_OK, List.class); for (Map map : list) { keysMetadata.add(parseJSONMetadata(map)); } } } return keysMetadata.toArray(new Metadata[keysMetadata.size()]); }
@Test public void testLoadBalancingWithAllBadNodes() throws Exception { Configuration conf = new Configuration(); KMSClientProvider p1 = mock(KMSClientProvider.class); when(p1.createKey(Mockito.anyString(), Mockito.any(Options.class))) .thenThrow(new IOException("p1")); KMSClientProvider p2 = mock(KMSClientProvider.class); when(p2.createKey(Mockito.anyString(), Mockito.any(Options.class))) .thenThrow(new IOException("p2")); KMSClientProvider p3 = mock(KMSClientProvider.class); when(p3.createKey(Mockito.anyString(), Mockito.any(Options.class))) .thenThrow(new IOException("p3")); KMSClientProvider p4 = mock(KMSClientProvider.class); when(p4.createKey(Mockito.anyString(), Mockito.any(Options.class))) .thenThrow(new IOException("p4")); when(p1.getKMSUrl()).thenReturn("p1"); when(p2.getKMSUrl()).thenReturn("p2"); when(p3.getKMSUrl()).thenReturn("p3"); when(p4.getKMSUrl()).thenReturn("p4"); KeyProvider kp = new LoadBalancingKMSClientProvider( new KMSClientProvider[] { p1, p2, p3, p4 }, 0, conf); try { kp.createKey("test3", new Options(conf)).getName(); fail("Should fail since all providers threw an IOException"); } catch (Exception e) { assertTrue(e instanceof IOException); } } }
@Override public void invalidateCache(String name) throws IOException { checkNotEmpty(name, "name"); final URL url = createURL(KMSRESTConstants.KEY_RESOURCE, name, KMSRESTConstants.INVALIDATECACHE_RESOURCE, null); final HttpURLConnection conn = createConnection(url, HTTP_POST); // invalidate the server cache first, then drain local cache. call(conn, null, HttpURLConnection.HTTP_OK, null); drain(name); }
@Override public void warmUpEncryptedKeys(String... keyNames) throws IOException { Preconditions.checkArgument(providers.length > 0, "No providers are configured"); boolean success = false; IOException e = null; for (KMSClientProvider provider : providers) { try { provider.warmUpEncryptedKeys(keyNames); success = true; } catch (IOException ioe) { e = ioe; LOG.error( "Error warming up keys for provider with url" + "[" + provider.getKMSUrl() + "]", ioe); } } if (!success && e != null) { throw e; } }
private KeyVersion rollNewVersionInternal(String name, byte[] material) throws NoSuchAlgorithmException, IOException { checkNotEmpty(name, "name"); Map<String, String> jsonMaterial = new HashMap<String, String>(); if (material != null) { jsonMaterial.put(KMSRESTConstants.MATERIAL_FIELD, Base64.encodeBase64String(material)); } URL url = createURL(KMSRESTConstants.KEY_RESOURCE, name, null, null); HttpURLConnection conn = createConnection(url, HTTP_POST); conn.setRequestProperty(CONTENT_TYPE, APPLICATION_JSON_MIME); Map response = call(conn, jsonMaterial, HttpURLConnection.HTTP_OK, Map.class); KeyVersion keyVersion = parseJSONKeyVersion(response); invalidateCache(name); return keyVersion; }
} catch (IOException ioe) { LOG.warn("KMS provider at [{}] threw an IOException: ", provider.getKMSUrl(), ioe);
@Override public KeyVersion createKey(String name, byte[] material, Options options) throws IOException { checkNotNull(material, "material"); try { return createKeyInternal(name, material, options); } catch (NoSuchAlgorithmException ex) { throw new RuntimeException("It should not happen", ex); } }
if (jsonOutput != null) { os = conn.getOutputStream(); writeJson(jsonOutput, os); String requestMethod = conn.getRequestMethod(); URL url = conn.getURL(); conn = createConnection(url, requestMethod); if (contentType != null && !contentType.isEmpty()) { conn.setRequestProperty(CONTENT_TYPE, contentType); return call(conn, jsonOutput, expectedResponse, klass, authRetryCount - 1);
options.setBitLength(128); options.setDescription("l1"); KeyProvider.KeyVersion kv0 = kmscp.createKey(keyName, options); assertNotNull(kv0.getVersionName()); kmscp.generateEncryptedKey(keyName).getEncryptionKeyVersionName()); kmscp.invalidateCache(keyName); kq.get(keyName).put(mockEKV); assertEquals("Key version incorrect after invalidating cache + putting" + " mock key.", mockVersionName, kmscp.generateEncryptedKey(keyName).getEncryptionKeyVersionName()); kmscp.invalidateCache(keyName); assertEquals("Cache invalidation guarantee failed.", "k1@0", kmscp.generateEncryptedKey(keyName) .getEncryptionKeyVersionName());
@Override public EncryptedKeyVersion call(KMSClientProvider provider) throws IOException, GeneralSecurityException { return provider.generateEncryptedKey(encryptionKeyName); } }, nextIdx(), true);
HttpURLConnection conn; try { final String doAsUser = getDoAsUser(); conn = getActualUgi().doAs(new PrivilegedExceptionAction <HttpURLConnection>() { @Override conn.setDoOutput(true); conn = configureConnection(conn); return conn;
@Override public KeyVersion createKey(String name, Options options) throws NoSuchAlgorithmException, IOException { return createKeyInternal(name, null, options); }
conn.setDoOutput(true); conn = configureConnection(conn); return conn;
private <T> T call(HttpURLConnection conn, Object jsonOutput, int expectedResponse, Class<T> klass) throws IOException { return call(conn, jsonOutput, expectedResponse, klass, authRetry); }